NIST 800-53 Controls

Baselines:All Low Moderate High Privacy No Baseline

Browse 934 security and privacy controls across 20 families. (filtered to Moderate, Low, No Baseline, Privacy baselines)

Each control is linked to DISA CCI identifiers and STIG checks. Search for fast lookup by control ID or CCI.

PM — Program Management

32 base controls

PM-1Information Security Program Plan

17 CCIs

PM-2Information Security Program Leadership Role

1 CCIs

PM-3Information Security and Privacy Resources

8 CCIs

PM-4Plan of Action and Milestones Process

14 CCIs

PM-5System Inventory

4 CCIs

PM-6Measures of Performance

6 CCIs

PM-7Enterprise Architecture

4 CCIs

PM-8Critical Infrastructure Plan

4 CCIs

PM-9Risk Management Strategy

5 CCIs

PM-10Authorization Process

7 CCIs

PM-11Mission and Business Process Definition

6 CCIs

PM-12Insider Threat Program

1 CCIs

PM-13Security and Privacy Workforce

2 CCIs

PM-14Testing, Training, and Monitoring

21 CCIs

PM-15Security and Privacy Groups and Associations

6 CCIs

PM-16Threat Awareness Program

1 CCIs

PM-17Protecting Controlled Unclassified Information on External Systems

6 CCIs

PM-18Privacy Program Plan

18 CCIs

PM-19Privacy Program Leadership Role

4 CCIs

PM-20Dissemination of Privacy Program Information

5 CCIs

PM-21Accounting of Disclosures

8 CCIs

PM-22Personally Identifiable Information Quality Management

8 CCIs

PM-23Data Governance Body

3 CCIs

PM-24Data Integrity Board

2 CCIs

PM-25Minimization of Personally Identifiable Information Used in Testing, Training, and Research

10 CCIs

PM-26Complaint Management

11 CCIs

PM-27Privacy Reporting

8 CCIs

PM-28Risk Framing

8 CCIs

PM-29Risk Management Program Leadership Roles

4 CCIs

PM-30Supply Chain Risk Management Strategy

7 CCIs

PM-31Continuous Monitoring Strategy

23 CCIs

PM-32Purposing

2 CCIs